Is it ok to "--force-renewal" every months?

jvanasco · November 3, 2023, 2:45pm

Explaining the differences mentioned above for the next person to read this thread:

By default, Certbot runs a cronjob every day. It only renews the Certificates that exceed the renew time (with a default of 60 days). In the future this will be based on the Automatic Renewal Information payloads.
--force-renewal will tell certbot to force a renewal regardless of the expiry date. You can certainly run that every 30 days to force new certificates, but if it fails you will not be able to recover automatically until the next invocation. You can not run this daily, because that will break rate limits.
So the standard solution for this situation is what @9peppe and @rg305 mentioned above:

sblantipodi · November 3, 2023, 6:31pm

thank you very much for the explanation, this is much appreciated.

system · December 3, 2023, 6:32pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Is there a penalty for running cron jobs to auto-renew? Issuance Policy	4	2671	August 24, 2016
New certificates every week Server	8	2828	July 29, 2017
Will requesting to renew an SSL certificate too many times when it expires be blocked? Help	13	2732	October 12, 2023
Error when crontab with --force-renew Server	7	5108	January 5, 2017
Unsure if my certs will auto renew or not Help	5	106	August 28, 2024